truthspy | 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Analysis

max time kernel
12s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
14/12/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk
Size

3.6MB
MD5

0366ae0abf0ada8aed90322bfe07dfd5
SHA1

2f0779ce64f02944e87674745cb446c5bc620607
SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA512

52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677
SSDEEP

98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score

10^/10

truthspy banker collection credential_access discovery evasion infostealer spyware trojan

Malware Config

Extracted

Family

truthspy

http://protocol-a100.phoneparental.com/protocols

Signatures

Truthspy
Truthspy is an Android stalkerware.
trojan infostealer spyware truthspy
Truthspy family
truthspy

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.systemservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.systemservice

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.systemservice

com.systemservice
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
PID:4789

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.systemservice/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
5eec3f15b3f6ae670731faeb87604e7b

SHA1
99844405ffc00c405067039c53aa27f3e1933d14

SHA256
925e58071b9d8ee5ee17a860cceeb74e426093877d811a1873977be5774ce8ac

SHA512
4cb21a7888de44e6e7e34a883aac5b8a94aee1c08ce6e622f1ece39e3d29686518e091f785cd99508cd6a5c0816e0f9ace1b553605d3e256a35047040d8ada34

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
856ab0f2e77329ae087c1efeecefdc15

SHA1
a4bde97cdde6385ad59ebdcf146ce6ceb99f40f7

SHA256
86460913f459b23f4840adb3f8d5ea86562735e4fc7e9a3ff21d9c244aa6a2c7

SHA512
7a4e6b85f794ce3e1c82b3eca6b3824fac1a035c9b7f1225998c3e5978630c8cbb8cea65aa4acb15422634d76e21a61e86929c33de1fc5dceea01de119dcd873

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
cbcfefd076c7e95d94c3b0804a017c91

SHA1
3a23701b2af7ef120ea4c24af3736bcc5c5f36a1

SHA256
ed90d9fa9f2c76384974aa83975cbba42c2518e99739c32f59807c53546abe9e

SHA512
a1aced2c1ed2517e8aabbb2b4026177a6fefb17b8e0107932cbc2729b0ba6e3fd4679e8577408836814b5d9ed438083df07ea5dbeeae24e0b7ee32c3ea3bafd4

Download Submit
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a599a9df39d9b3c5e78de322913e7b53

SHA1
5a97efc304c29b2b310c9516910c8accee67fae5

SHA256
1a2ee6fc91d3eedc76e914025783929bb4d0a5c297a284a56c881e53927cac2b

SHA512
08d41e3e4b44225ce2c0e7868a7e90a781340b7090069a03459cbb01b6b43a7f723c0fcadbfbecdc77a367e91d69de2418984a7db89f34772d3bfeef03d19d61

Download Submit
/data/data/com.systemservice/databases/core.db

Filesize
36KB

MD5
045489a0639eee27bca52f48828cd93d

SHA1
436e7966e7c019273c44faa4d8c5709b816dfda3

SHA256
0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

SHA512
c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6980b70eecd1b8a42c0923fce68357b1

SHA1
b0f54dd9eebd1d8787d34458cdc1f6579de57a26

SHA256
70582385fae417d12da1ba7db9ad16538337f7160fe39c6239093af0df8f6c9b

SHA512
f8693cb6d7293ca97eb17a69d917799ac0e77347dd5e900ed1c256168441496b2834b22b1020e122f76e9c6bc0ae44588f2884773f347ecabf71f8b08ecc26f4

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0cacf671d752ce4bdf4e9a0564aa95c7

SHA1
4bba0455abba5917f5059a1ee0e3c0009cf02fcc

SHA256
7c8e11baec1d878451f39229575022265b96d91236b22568026619c692a365c7

SHA512
5920f17c0ceed4485c897219e88e722cfccae87e8f9bae640dbd7a085246f419d087af8be4fcf78f99dd25da9b1b6f1a53a4d4cf2458e1ca42e7f5015165ec1d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0ac5b8575a929409f108e0a05b6d8509

SHA1
8d91fbef325b32b1d077ec88523b5c5eeaa8fa9c

SHA256
b41ac81cf2bc2ea3a5af51146ac0d9fe71aca5e54a28a108f1a60d81048093c3

SHA512
465960bff6642d25d6854a24d858b87ff41d4addb37f498bd3e6960936ca44bbfbab2eadc954df15f1e23ea1af033da94dccc2ded6400053a177d16afc31c3f0

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f24c53b5b55b8aeece91e4a4971565b9

SHA1
bd336f0173236ab6db06caee5221a69a70307ee7

SHA256
8a0611f4cfb6f6b50cbeee55666401ed05d40c788348c6af2d239c64e94668f5

SHA512
14ac8cf2826c9cf82855f02649b2edb1273fa1ad4410997baa95f8f6fafd6889d102a00cdac2f57aa4b64f49014e024fd0bef2b7cd025a9e87050abf6b5bc775

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2238195eab25764b61f2d26ef6a720af

SHA1
d366efd0cc079f0f87d23c630ec8d99f90541731

SHA256
599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef

SHA512
478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0d99b1af15cc34e33779dcb8b7127bee

SHA1
3c6384b541585a66ff0603ed8ec7f50a0f7813bd

SHA256
f9ac56076c5d5a86bb3eae34e2a3b7b89fd22851d23525639a791059cce2a925

SHA512
f6da96359b4e5c8cbb678da43e85878055a3452b17b373d52608b7f2a6f51d478e3e10535c949e4d8af19044c2c55729d7c41bdefff518467bc51f8738dbb9e9

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
021aa03950495123eb999b8b7957d968

SHA1
9afb1bea08130aa76d88db31c71c3f4ba8804c3f

SHA256
cd9bf0f87c2df8ef85c78d29b3078764eaf275fcde5410c5154690c63d79a2f3

SHA512
c1c0acb6bc192a1927d7f85e4a1241e7372d3436a8c6634b1efb8ecd9b26c77a24c4ac71d8a2b4c0dc83635b8200b235297c21f9c62462c9ba6f680222fc705d

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
2468a720f0fc0ba81aaec2f4282af502

SHA1
49c32b54fa619e76b8264679bdeae40131ad6c3b

SHA256
a60a9bf7664ee6ef007c268862ab94f8a8e832dff96b6c33f85522414b2599f4

SHA512
eefc2b3368a796b9eef66d346afa78f112dfd5cab4d5b85ad361105cc733c557578294f6bc01f7a0bad86ae318e75504f017cbf2fbb84625e0b8e661a89666ce

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f6d2f03b4d38a6ef6e89dfc636a9fc7f

SHA1
dd0b858ba232c9a07f679b29e0a8097ab7b9a665

SHA256
613dc3abee3cbd136909d94c942a78c8b2137aa198462a6e2c63a0593e504afa

SHA512
1a2f155e2c233b50a3bca30e905fc54f7ca25e687d166b82ca53a7b2e03b9c9e84ab4e103eb432975cb815674b2ca1cb0b7ca3bfb116815decd2b5f609c25b97

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5cd46bb00406a0a745a9a1d999803e5b

SHA1
1e4b50f5e58597738474affc5dcd37405c271b93

SHA256
136e539f35e55902d079ef4cb04708d6960ad68886330bf79c1a4429b1815742

SHA512
6976f8ac31b87b960cb6a1d7f1e1e980bbd77057e5840a27d6e01a234253eebd2c39a0aef967c1d276a747ce002fbb91fc06ac2682a2550cf0446a7653fbb2a8

Download Submit
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bffcd22e47cd07bd388e6fcbf1724fde

SHA1
d70353f09d90c5131ef835fbc64a94e961b4e934

SHA256
ceda1e276ba6ae40ed9f2e4222cde089d9bb47ce11c149c5103e76530e450b54

SHA512
2540c90dc2865c7a14181c0d628dcd7e3476936f542d77a415ef47003ea9b07bb30a9250453eeea50952eacfb6e6cc77c1cd43ad571ea245a11be48f7f070535

Download Submit
/data/data/com.systemservice/files/PersistedInstallation2356746593540033723tmp

Filesize
90B

MD5
9b6f594a1de97dd194e20ebcf9ba8e47

SHA1
ddb1f53e88679020788f70ae92660f869db91377

SHA256
f6d9574270afe9aecb6a150b407195b58a02828208b0d762e1b0a2068e62df86

SHA512
002024f7c2d5d1d7edc65c5dcfd43b1304c5cda96ec0a207f4f215ad2bfaf38b5c0545c031f00860be878016c721d7bde6546347f83091f8e5b633964545cc40

Download Submit
/data/data/com.systemservice/files/PersistedInstallation6713060604065161604tmp

Filesize
556B

MD5
472092800b76962fac597fbb805a22f8

SHA1
4e0b96a0c0a37c0f385b5b1edd8a548cbc036813

SHA256
c64c3b4bc90038c3992e64a559f99ee86aa45d0a80a34310cab331ee070c1f51

SHA512
c31d6127a523093cda230108b35549164c428e92cee641cd5a1a2ec37275301c294a45eba5bdb7e762c16d7ea008d9a7669dfb05e2b8b8ea6949cbf59deb5b4f

Download Submit
/data/data/com.systemservice/log/log4j.txt

Filesize
6KB

MD5
fbf95d9243e4f35eb77a1e2f1c7e8149

SHA1
34415b9d09f8c8914ba43982f28fc74428342e78

SHA256
ef6234a4355f4b0fe1f8a409959642ca7e39da7a34761d4e447173e2578ab70d

SHA512
c4d38859d0b7e6e583c393a4aef4e470f2bd8c99a9ca7d412fd5222991e041687f13f66b2b4295c85c21ccf7d2f2f31c75fbc865fd59395c6900c04e4e43528c

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads